Instructure Inc. Data Breach: 3.65TB Data Stolen

Instructure Inc., the education technology company behind Canvas, one of the world's most widely used learning management systems, disclosed a cybersecurity incident in May 2026.

Canvas is used by thousands of K-12 schools, colleges, universities, businesses and governments across more than 100 countries. The total number of individuals affected has not been disclosed.

The company posted updates about the incident on its status page. The University of Massachusetts Amherst, one of many institutions that rely on Canvas, described the event as a "vendor-driven national event affecting multiple institutions" on its own incident monitoring page.

On April 30, 2026, Instructure's status page reported that some customers were experiencing limited disruption to tools relying on API keys. The company said its team was actively investigating and had taken precautionary steps to help maintain service stability.

The following day, on May 1, 2026, Instructure's Chief Information Security Officer Steve Proud sent a notification to customers confirming that the company had recently experienced a cybersecurity incident perpetrated by a criminal threat actor. The company began investigating the incident with the help of outside forensics experts, working to minimize its impact.

On May 2, 2026, a hacking group known as ShinyHunters posted a claim on a dark web forum on the Tor network. The group alleged it had stolen 3.65 terabytes of data from Instructure. On the same day, Instructure provided an update stating it believed the incident had been contained.

The information involved consisted of certain identifying information of users at affected institutions. The types of data exposed included names, email addresses, student ID numbers and messages among users. The company claims no evidence of passwords, dates of birth, government identifiers or financial information were compromised.

Instructure's response to the breach

Canvas Data 2, Canvas Beta and Canvas Test were all placed under maintenance.

By May 4, 2026, Canvas Data 2 and Beta had been restored for all customers, though Canvas Test remained under maintenance. Some users also experienced slowness, page errors and issues with document viewing during this period.

As the investigation remains ongoing, this article will be updated as more information is released.

Steps to take if affected by the Instructure data breach

• Be cautious of phishing attempts that reference Instructure, Canvas or this breach by name, as exposed names and email addresses could be used to craft convincing scam messages.
• Change passwords on Canvas and related accounts as a precaution, and avoid reusing the same password across multiple platforms.
• Contact your school or institution's IT department to ask whether your data was affected and what additional steps or protections may be available.
• Monitor email accounts for unusual activity, including unexpected login alerts, password reset requests or messages that appear to come from classmates or instructors but seem suspicious.
• Review credit reports at AnnualCreditReport.com as a general precaution, even though financial information has not been reported as exposed in this breach.